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a corresponding digital license for rendering the digital content, 
the method comprising: 

deriving a first key from a source available to the device; 
obtaining a first digital signature from the digital content package; 
applying the first key to the first digital signature to validate the first 
digital signature and the digital content package; 

deriving a second key based on the first digital signature; 
obtaining a second digital signature from the license; and 
applying the second key to the second digital signature to validate the 
second digital signature and the license. 



107. The method of claim 106 wherein deriving the first key comprises: 
obtaining a first encrypted key from the license; 

applying a key available to the device to the first encrypted key to decrypt 
the first encrypted key; 

obtaining a second encrypted key from the digital content; and 

applying the decrypted first encrypted key to the second encrypted key to 

produce the first key. 



108. The method of claim 107 wherein the encrypted digital content is 
decryptable according to a decryption key (KD), and wherein the first encrypted key is the 
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decryption key (KD) encrypted with the device public key (PU-D) (i.e.,(PU-D (KD))). 

109. The method of claim 107 wherein the device has a public key (PU-D) and 
a private key (PR-D), and wherein the key available to the device is (PR-D). 



decryptable according to a decryption key (KD), wherein the digital content package is provided 
by a content provider having a public key (PU-C) and a private key (PR-C), and wherein the 
second encrypted key is the content provider public key (PU-C) encrypted with the decryption 
key (KD) (i.e., KD (PU-C)). 

111. The method of claim 107 wherein the second encrypted key is the basis 
for the first digital signature. 

1 12. The method of claim 106 wherein deriving the second key comprises: 
obtaining a signed certificate from the license, the signed certificate 

having contents therein; and 

applying the first key to the signature of the signed certificate to produce 
the contents of the certificate and also to validate the signature. 



110. The method of claim 107 wherein the encrypted digital content is 



113. The method of claim 1 12 wherein the digital license is provided by a 
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license provider having a public key (PU-L) and a private key (PR-L), and wherein the contents 
of the certificate is (PU-L). 

114. The method of claim 1 13 wherein the digital content package is provided 
by a content provider having a public key (PU-C) and a private key (PR-C), and wherein the 
signed certificate is a certificate containing the license provider public key (PU-L) and signed by 
the content provider private key (PR-C) (i.e., (CERT (PU-L) S (PR-C))). 

115. The method of claim 1 13 wherein the digital content package is provided 
by a content provider authorized by a root source to provide the package, wherein the root 
source has a public key (PU-R) and a private key (PR-R) and wherein the signed certificate is a 
certificate containing the license provider public key (PU-L) and signed by the root source 
private key (PR-R) (i.e., (CERT (PU-L) S (PR-R))). 

116. The method of claim 106 wherein the digital content package is provided 
by a content provider having a public key (PU-C) and a private key (PR-C), and wherein the 
first key is (PU-C). 

117. The method of claim 1 16 wherein the encrypted digital content is 
decryptable according to a decryption key (KD), and wherein the first digital signature is based 
on the content provider public key (PU-C) encrypted with the decryption key (KD) and is signed 
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by the content provider private key (PR-C) (i.e., (KD (PU-C) S (PR-C))). 



118 



The method of claim 1 17 wherein deriving (PU-C) comprises: 



deriving (KD) from a source available to the device; 



applying (KD) to (KD (PU-C) S (PR-C)) to produce (PU-C). 



119. The method of claim 118 wherein the device has a public key (PU-D) and 
a private key (PR-D), wherein the license has the decryption key (KD) encrypted with the device 
public key (PU-D) (i.e., (PU-D (KD))), and wherein deriving (KD) comprises: 

obtaining (PU-D (KD)) from the license; 

applying (PR-D) to (PU-D (KD)) to produce (KD). 



description specifying terms and conditions that must be satisfied before the digital content may 
be rendered, the license rights description being encrypted with the decryption key (KD) (i.e., 
(KD (DRL))), the method further comprising applying (KD) to (KD(DRL)) to obtain the license 
terms and conditions. 

121 . The method of claim 1 19 wherein the license has a license rights 
description specifying terms and conditions that must be satisfied before the digital content may 
be rendered, the method further comprising: 



120. The method of claim 1 19 wherein the license has a license rights 
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evaluating the license terms and conditions to determine whether the 
digital content is permitted to be rendered in the manner sought; 

if so, applying (KD) to the encrypted digital content to decrypt such 
encrypted digital content; and 

rendering the decrypted digital content. 

122. The method of claim 1 16 wherein the encrypted digital content package is 
provided by a content provider authorized by a root source to provide the package, wherein the 
root source has a public key (PU-R) and a private key (PR-R) and wherein the first digital 
signature is a signed certificate containing the content provider public key (PU-C) and signed by 
the root source private key (PR-R) (i.e., (CERT (PU-C) S (PR-R))). 

123. The method of claim 106 wherein the digital license is provided by a 
license provider having a public key (PU-L) and a private key (PR-L), and wherein the second 
key is (PU-L). 

124. The method of claim 123 wherein the second digital signature is a digital 
signature encrypted with the license provider private key (i.e., (S (PR-L))). 

125. The method of claim 124 wherein the digital content package is provided 
by a content provider having a public key (PU-C) and a private key (PR-C), wherein the license 
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has a certificate containing the license provider public key (PU-L) and signed by the content 
provider private key (PR-C) (i.e., (CERT (PU-L) S (PR-C))), and wherein deriving (PU-L) 
comprises: 

deriving (PU-C) from a source available to the device; 
obtaining (CERT (PU-L) S (PR-C)) from the license; and 
applying (PU-C) to (CERT (PU-L) S (PR-C)) to validate (CERT (PU-L) 
S (PR-C)), to produce (PU-L) and also to validate the content provider. 

126. The method of claim 125 wherein the encrypted digital content is 
decryptable according to a decryption key (KD), wherein the first digital signature is based on 
the content provider public key (PU-C) encrypted with the decryption key (KD) and is signed by 
the content provider private key (PR-C) (i.e., (KD (PU-C) S (PR-C))), and wherein deriving 
(PU-C) comprises: 

deriving (KD) from a source available to the device; 
applying (KD) to (KD (PU-C) S (PR-C)) to produce (PU-C). 



• 



127. The method of claim 126 wherein the device has a public key (PU-D) and 
a private key (PR-D), wherein the license has the decryption key (KD) encrypted with the device 
public key (PU-D) (i.e.,(PU-D (KD))), and wherein deriving (KD) comprises: 

obtaining (PU-D (KD)) from the license; 

applying (PR-D) to (PU-D (KD)) to produce (KD). 
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128. The method of claim 127 wherein the license has a license rights 
description specifying terms and conditions that must be satisfied before the digital content may 
be rendered, the license rights description being encrypted with the decryption key (KD) (i.e., 
(KD (DRL))), the method further comprising applying (KD) to (KD(DRL)) to obtain the license 
terms and conditions. 

129. The method of claim 127 wherein the license has a license rights 
description specifying terms and conditions that must be satisfied before the digital content may 
be rendered, the method further comprising: 

evaluating the license terms and conditions to determine whether the 
digital content is permitted to be rendered in the manner sought; 

if so, applying (KD) to the encrypted digital content to decrypt such 
encrypted digital content; and 

rendering the decrypted digital content. 

130. A method for a device to interdependently validate a piece of digital 
content and a corresponding digital license for rendering the digital content, the digital content 
being encrypted, the encrypted digital content being decryptable according to a decryption key 
(KD) and being packaged in a digital content package, the digital content package being 
provided by a content provider having a public key (PU-C) and a private key (PR-C), the digital 
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license being provided by a license provider having a public key (PU-L) and a private key (PR- 
L), the device having a public key (PU-D) and a private key (PR-D), the digital content package 
comprising: 



the encrypted digital content; and 

the content provider public key (PU-C) encrypted with the decryption key (KD) 



and signed by the content provider private key (PR-C) (i.e., (KD (PU-C) S (PR-C))); 



the digital license comprising: 

the decryption key (KD) encrypted with the device public key (PU-D) 



certificate) based on (KD (DRL)) and (PU-D (KD)) and encrypted with the license provider 
private key (i.e., (S (PR-L))); and 



a certificate containing the license provider public key (PU-L) and signed 



by the content provider private key (PR-C) (i.e., (CERT (PU-L) S (PR-C))); 



the method comprising: 

obtaining (PU-D (KD)) from the license; 

applying (PR-D) to (PU-D (KD)) to produce (KD); 

obtaining (KD (PU-C) S (PR-C)) from the digital content package; 

applying (KD) to (KD (PU-C) S (PR-C)) to produce (PU-C); 

applying (PU-C) to (S (PR-C)) to validate (KD (PU-C) S (PR-C)), thereby 



(i.e.,(PU-D (KD))); 



a digital signature from the license provider (without any attached 



validating the digital content package; 
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obtaining (CERT (PU-L) S (PR-C)) from the license; 



applying (PU-C) to (CERT (PU-L) S (PR-C)) to validate (CERT (PU-L) 



S (PR-C)), thereby validating the content provider, and also to obtain (PU-L); 



obtaining (S (PR-L)) from the license; and 



applying (PU-L) to (S (PR-L)), thereby validating the license. 



131. The method of claim 130 wherein the digital content package further 



comprises a content / package ID identifying one of the digital content and the digital content 
package, and wherein the license further comprises the content / package ID of the 
corresponding digital content / digital content package, the method further comprising ensuring 
that the content / package ED of the license in fact corresponds to the content / package ID of the 
digital content / digital content package. 

132. The method of claim 130 wherein the license further comprises a license 
rights description (DRL) specifying terms and conditions that must be satisfied before the digital 
content may be rendered, the method further comprising; 

evaluating the license terms and conditions to determine whether the 
digital content is permitted to be rendered in the manner sought; 

if so, applying (KD) to the encrypted digital content to decrypt such 
encrypted digital content; and 

rendering the decrypted digital content. 
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133. The method of claim 132 wherein the license rights description is 
encrypted with the decryption key (KD) (i.e., (KD (DRL))), the method further comprising 
applying (KD) to (KD (DRL)) to obtain the license terms and conditions. 



134. A computer-readable medium having computer-executable instructions for 
performing a method for a device to interdependently validate: 

a digital content package having a piece of digital content in an encrypted form; 

and 

a corresponding digital license for rendering the digital content, 
the method comprising: 

deriving a first key from a source available to the device; 

obtaining a first digital signature from the digital content package; 

applying the first key to the first digital signature to validate the first 
digital signature and the digital content package; 

deriving a second key based on the first digital signature; 

obtaining a second digital signature from the license; and 

applying the second key to the second digital signature to validate the 
second digital signature and the license. 



135. The method of claim 133 wherein deriving the first key comprises: 
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obtaining a first encrypted key from the license; 



applying a key available to the device to the first encrypted key to decrypt 



the first encrypted key; 



obtaining a second encrypted key from the digital content; and 



applying the decrypted first encrypted key to the second encrypted key to 



produce the first key. 

136. The method of claim 135 wherein the encrypted digital content is 
decryptable according to a decryption key (KD), and wherein the first encrypted key is the 
decryption key (KD) encrypted with the device public key (PU-D) (i.e.,(PU-D (KD))). 

137. The method of claim 135 wherein the device has a public key (PU-D) and 
a private key (PR-D), and wherein the key available to the device is (PR-D). 



decryptable according to a decryption key (KD), wherein the digital content package is provided 
by a content provider having a public key (PU-C) and a private key (PR-C), and wherein the 
second encrypted key is the content provider public key (PU-C) encrypted with the decryption 



138. The method of claim 135 wherein the encrypted digital content is 



key (KD) (i.e., KD (PU-C)). 



139. The method of claim 135 wherein the second encrypted key is the basis 
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for the first digital signature. 

140. The method of claim 134 wherein deriving the second key comprises: 
obtaining a signed certificate from the license, the signed certificate 

having contents therein; and 

applying the first key to the signature of the signed certificate to produce 

the contents of the certificate and also to validate the signature. 



141 . The method of claim 140 wherein the digital license is provided by a 
license provider having a public key (PU-L) and a private key (PR-L), and wherein the contents 
of the certificate is (PU-L). 

142. The method of claim 141 wherein the digital content package is provided 
by a content provider having a public key (PU-C) and a private key (PR-C), and wherein the 
signed certificate is a certificate containing the license provider public key (PU-L) and signed by 
the content provider private key (PR-C) (i.e., (CERT (PU-L) S (PR-C))). 



143. The method of claim 141 wherein the digital content package is provided 
by a content provider authorized by a root source to provide the package, wherein the root 
source has a public key (PU-R) and a private key (PR-R) and wherein the signed certificate is a 
certificate containing the license provider public key (PU-L) and signed by the root source 
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private key (PR-R) (i.e., (CERT (PU-L) S (PR-R))). 

144. The method of claim 134 wherein the digital content package is provided 
by a content provider having a public key (PU-C) and a private key (PR-C), and wherein the 
first key is (PU-C). 



decryptable according to a decryption key (KD), and wherein the first digital signature is based 
on the content provider public key (PU-C) encrypted with the decryption key (KD) and is signed 
by the content provider private key (PR-C) (i.e., (KD (PU-C) S (PR-C))). 



147. The method of claim 146 wherein the device has a public key (PU-D) and 
a private key (PR-D), wherein the license has the decryption key (KD) encrypted with the device 
public key (PU-D) (i.e., (PU-D (KD))), and wherein deriving (KD) comprises: 

obtaining (PU-D (KD)) from the license; 

applying (PR-D) to (PU-D (KD)) to produce (KD). 



145. The method of claim 144 wherein the encrypted digital content is 
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The method of claim 145 wherein deriving (PU-C) comprises: 



deriving (KD) from a source available to the device; 



applying (KD) to (KD (PU-C) S (PR-C)) to produce (PU-C). 
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148. The method of claim 147 wherein the license has a license rights 
description specifying terms and conditions that must be satisfied before the digital content may 
be rendered, the license rights description being encrypted with the decryption key (KD) (i.e., 
(KD (DRL))), the method further comprising applying (KD) to (KD(DRL)) to obtain the license 
terms and conditions. 

149. The method of claim 147 wherein the license has a license rights 
description specifying terms and conditions that must be satisfied before the digital content may 
be rendered, the method further comprising: 

evaluating the license terms and conditions to determine whether the 
digital content is permitted to be rendered in the manner sought; 

if so, applying (KD) to the encrypted digital content to decrypt such 
encrypted digital content; and 

rendering the decrypted digital content. 

150. The method of claim 144 wherein the encrypted digital content package is 
provided by a content provider authorized by a root source to provide the package, wherein the 
root source has a public key (PU-R) and a private key (PR-R) and wherein the first digital 
signature is a signed certificate containing the content provider public key (PU-C) and signed by 
the root source private key (PR-R) (i.e., (CERT (PU-C) S (PR-R)))- 
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151. The method of claim 134 wherein the digital license is provided by a 
license provider having a public key (PU-L) and a private key (PR-L), and wherein the second 
key is (PU-L). 

1 52. The method of claim 151 wherein the second digital signature is a digital 
signature encrypted with the license provider private key (i.e., (S (PR-L))). 

1 53. The method of claim 152 wherein the digital content package is provided 
by a content provider having a public key (PU-C) and a private key (PR-C), wherein the license 
has a certificate containing the license provider public key (PU-L) and signed by the content 
provider private key (PR-C) (i.e., (CERT (PU-L) S (PR-C))), and wherein deriving (PU-L) 
comprises: 

deriving (PU-C) from a source available to the device; 
obtaining (CERT (PU-L) S (PR-C)) from the license; and 
applying (PU-C) to (CERT (PU-L) S (PR-C)) to validate (CERT (PU-L) 
S (PR-C)), to produce (PU-L) and also to validate the content provider. 

1 54. The method of claim 1 53 wherein the encrypted digital content is 
decryptable according to a decryption key (KD), wherein the first digital signature is based on 
the content provider public key (PU-C) encrypted with the decryption key (KD) and is signed by 
the content provider private key (PR-C) (i.e., (KD (PU-C) S (PR-C))), and wherein deriving 



• 



DOCKET NO.: MSFT-107 / 127334.7 



PATENT 



-18- 



(PU-C) comprises: 



deriving (KD) from a source available to the device; 



applying (KD) to (KD (PU-C) S (PR-C)) to produce (PU-C). 



155. The method of claim 1 54 wherein the device has a public key (PU-D) and 
a private key (PR-D), wherein the license has the decryption key (KD) encrypted with the device 
public key (PU-D) (i.e.,(PU-D (KD))), and wherein deriving (KD) comprises: 

obtaining (PU-D (KD)) from the license; 

applying (PR-D) to (PU-D (KD)) to produce (KD). 



description specifying terms and conditions that must be satisfied before the digital content may 
be rendered, the license rights description being encrypted with the decryption key (KD) (i.e., 
(KD (DRL))), the method further comprising applying (KD) to (KD(DRL)) to obtain the license 
terms and conditions. 



description specifying terms and conditions that must be satisfied before the digital content may 
be rendered, the method further comprising: 

evaluating the license terms and conditions to determine whether the 
digital content is permitted to be rendered in the manner sought; 



1 56. The method of claim 1 55 wherein the license has a license rights 



1 57. The method of claim 1 55 wherein the license has a license rights 



